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Abstract — Security of information transmitted through the 
Internet, against passive or active attacks is an international 
concern. The use of a chaos-based pseudo-random bit sequence 
to make it unrecognizable by an intruder, is a field of research in 
full expansion. This mask of useful information by modulation or 
encryption is a fundamental part of the TLS Internet exchange 
protocol. In this paper, a new method using discrete chaotic 
iterations to generate pseudo-random numbers is presented. This 
pseudo-random number generator has successfully passed the 
NIST statistical test suite (NIST SP800-22). Security analysis 
shows its good characteristics. The application for secure image 
transmission through the Internet is proposed at the end of the 
paper. 

Keywords -Chaotic sequences; Topological chaos; Pseudo- 
random number generator; Statistical tests; Internet security; 
Discrete chaotic iterations. 



I. Introduction 

Nowadays, the world is highly computerized and inter- 
connected, this leads to a growing interest in the use of 
digital chaoticQ systems offering the possibility to reinforce 
the security of cryptographic algorithms, like those present 
in the Transport Layer Security protocol (TLS is an Internet 
exchange protocol). The advantage of the use of chaotic 
dynamics for security problems lies in their unpredictability 
character and in the mathematical theory of chaos. This 
theory brings many qualitative and quantitative tools, namely 
ergodicity, entropy, expansivity and sensitive dependence to 
initial conditions, these tools allow the study of the random- 
ness of the disorder generated by the considered system. 

Most of these new applications use chaotic maps as pseudo- 
random number generators to obtain a binary stream, for 
example, for symmetric encryption. Random number gen- 
erators are essential in several fields like statistical studies, 
simulations (used for performance evaluations) or cryptog- 
raphy. They may be based on physical noise sources or 
on mathematical algorithms. However, in both cases, truly 
random numbers are not obtained because of data acquisition 
systems in the first case and machine precision in the sec- 
ond one. Instead, any real implementation actually produces 
a pseudo-random number generator (PRNG). Before using 
those generators in cryptographic applications, some strong 
requirements must be checked, for instance, they have to pass 
the up-to-date National Institute of Standards and Technology 
(NIST) statistical test suite 0, they should possess a long 
cycle length and a good entropy, etc. At the same time, 
the PRNG must also pass usual evaluations using traditional 
digital signal processing tools (autocorrelation function, cross- 
correlation function and fast Fourier transform). 

'in this document, chaos means Devaney's topological chaos [3j| which 
implies a deterministic but unpredictable system very sensitive to its initial 
conditions. 



The behaviors of chaotic dynamical systems are very sim- 
ilar to those of physical noise sources lTl2l . Their sensitivity 
to initial conditions and their broadband spectrum make 
them good candidates to generate cryptographically secure 
PRNGs. Particularly, they have several basic properties that 
any good PRNG must possess: a long cycle length, strong 
randomness and entropy, speed, reproducibility, etc. However, 
chaotic dynamical systems are usually continuous and hence 
defined on the real numbers domain. The transformation 
from real numbers to integers may lead to the loss of the 
chaotic behavior. The conversion to integers needs a rigorous 
theoretical foundation. 

In this paper, a new chaotic pseudo-random bit generator 
is presented, which can also be used to obtain numbers 
uniformly distributed between and 1 . Indeed, these bits can 
be grouped n by n, to obtain the floating part of x E [0, 1] 
represented in binary numeral system. This generator is based 
on discrete chaotic iterations which satisfy Devaney's defini- 
tion of chaos [2'|. A rigorous framework is introduced, where 
topological chaotic properties of the generator are shown. This 
generator successfully passes the whole NIST statistical tests. 
Moreover, because of its topological chaotic properties, this 
generator can be used for cryptographic applications. 

The rest of this paper is organized in the following way. In 
Section[n] some basic definitions concerning chaotic iterations 
and PRNGs are recalled. Section [III] is devoted to the new 
generator which is based on discrete chaotic iterations, all the 
design steps of this PRNG are described. In Section [IV] the 
results of some experiments and statistical tests are given. 
In Section [V] some application examples are proposed in 
the field of Internet secure exchanges. Some conclusions and 
future work end the paper. 

II. Basic recalls 

This section is devoted to basic notations and terminologies 
in the fields of chaotic iterations, Devaney's chaos and pseudo- 
random number generators. 



A. Chaotic iterations 



In the sequel [1; N] means {1,2, . 
n th term of a sequence s = (s^s 2 , 
component of a vector V = (V\, V2, 
k th composition of a function /, 




. . , N}, s n denotes the 
. .), Vi denotes the i th 
. .) and f k denotes the 



(1) 



Let us consider a system of a finite number N of cells, so 
that each cell has a boolean state. Then a sequence of length 
N of boolean states of the cells corresponds to a particular 



state of the system. A sequence which elements belong in 
Jl; NJ is called a strategy. The set of all strategies is denoted 
by S. 

Definition 1 Let S E S. The shift function is defined by a : 

(S n ) ne K E § — > {S n+1 ) n £K E § and the initial function 
i is the map which associates to a sequence, its first term: 

i ■ (S n )neft E S — > S° G [1; Nj. 

Definition 2 The set B denoting {0, 1}, let / : B N — > B N 
be an iteration function and 5 G S be a chaotic strategy. Then, 
the so-called chaotic iterations are defined by HoJ 



X° E 



Vn G M*,Vi G [l;N]|,xf 



a;?- 1 if S" ^ » (2) 

f(x n ) S n if 5" = I. 



In other words, at the n th iteration, only the S n — th cell 
is "iterated". Note that in a more general formulation, S n 
can be a subset of components and f(x n )s" can be replaced 
by f(x k )s™, where k ^ n, describing for example delays 
transmission (see e.g. JT]). For the general definition of such 
chaotic iterations, see, e.g. iflOl . 

Chaotic iterations generate a set of vectors (boolean vector 
in this paper), they are defined by an initial state x°, an 
iteration function / and a chaotic strategy S. 

B. Devaney's chaotic dynamical systems 

Consider a metric space (X, d) and a continuous function 
/ : X — > X. f is said to be topologically transitive, if for 
any pair of open sets U,V C X, there exists k > such 
that f k (U) (X, f) is said to be regular if the set 

of periodic points is dense in X. f has sensitive dependence 
on initial conditions if there exists 8 > 0, such that, for any 
x E X and any neighborhood V of x, there exists y E V and 
n ^ such that \f n (x) — f n (y)\ > S. 6 is called the constant 
of sensitivity of /. 

Quoting Devaney in |3], a function / : X — > X is said to 
be chaotic on X if (A", /) is regular, topologically transitive 
and has sensitive dependence on initial conditions. 

When / is chaotic, then the system (X, f) is chaotic and 
quoting Devaney it is unpredictable because of the sensitive 
dependence on initial conditions. It cannot be broken down 
or decomposed into two subsystems which do not interact 
because of topological transitivity. And in the midst of 
this random behavior, we nevertheless have an element of 
regularity: fundamentally different behaviors are then possible 
and occurs with an unpredictably way. 

The appendix gives the outline proof that chaotic iterations 
satisfy Devaney's topological chaos property. They can then 
be used to construct a new pseudo-random bit generator. 

C. Low-dimensional chaotic systems 

The dynamics of low dimension systems can be pre- 
dicted using return map analysis or forecasting. Messages 
can thus be extracted from the chaos ifTTI . In addition, its 
randomness nature is deteriorated when a finite precision 
arithmetic is used. The chaotic properties are reduced: some 
severe problems such as short cycle length, non-ideal 
distribution and high-correlation have been observed J4). 

Therefore, it is required to merge two or more 
low-dimensional chaotic systems, to form a composite 



one 151 11131 IfTll ll8l . With respect to this requirement, a new 
method based on discrete chaotic iterations is proposed in the 
next section. 

III. The novel generator based on discrete 

CHAOTIC ITERATIONS 

The design of the new pseudo-random number generator 
based on discrete chaotic iterations, satisfying Devaney's 
chaos, is proposed and discussed. Detail operations of this 
approach are described in this section, while their performance 
will be presented in the next section. 

A. Chaotic iterations as pseudo-random generator 

The novel generator is designed by the following process. 

Let N E 1N*,N ^ 2. Some chaotic iterations are done, 
which generate a sequence (x n ) ne - SN E (B N ) of boolean 
vectors: the successive states of the iterated system. Some of 
those vectors are chaotically extracted and their components 
constitute our pseudo-random bit flow. 

Chaotic iterations are realized as follows: initial state 
x° E B N is a boolean vector taken as a seed, explained in 
Subsection Illl-Dl and chaotic strategy (S n ) neK E [1,N] M is 
constructed from a logistic map y (eq. |4]in Subsection lHI-Bl i. 
Last, iterate function / is the vectorial boolean negation 



fo ■ (xi 



.,Xti) E 



(- 



1, ...,Xti) E 



To sum up, at each iteration, only S^-th component of state 
X n is updated, as follows 



if i ± S l 



if i = S\ 



(3) 



Finally, let M. be a finite subset of IN*. Some x n are 
selected by a sequence m" as the pseudo-random bit sequence 
of our generator, where a sequence (m n )„ e K E M is 
computed with y (eq.|6]in Subsection llll-Cb . So, the generator 
returns the following values: 

• the components of x m , 

• following by the components of x m +m , 

• following by the components of x m +m +m , 

• etc. 

In other words, the generator returns the following bits: 



1 



X 



. X 



X 



m + mi+m 2 m +?7i 1 +m2 7n +mi+m 2 



m +mi 
N 



and its k th bit is 



Lfc/NJ 



■"fc+1 (mod N) - 

The basic design steps of the novel generator are also 
presented in flow chart form in Figure Q] (N ■ L is the length 
in bits of obtained sequence). 

N = 5 and M. = {4, 5} are adopted in the following 
subsections for easy understanding. 

B. Chaotic strategy 

Let y° E]0;1[ be a real number deduced as a seed too 
(see Subsection IIII-Db and y = (y n ) n& K G [0,1] the logistic 
sequence defined as bellow 

Vn E IN, y n+1 = % n (l - y n ) (4) 

Chaotic strategy is then the sequence (S n ) n ^ E [l;5] w 
equal to 



Get initial state x ={a' x ...,X iV ) 



Choose suitable sequence m and chaotic strategy S 



Iteration, n-0 



Sub-iteration, i=0 



IE 



Calculate sum= ^ m' 



Update the .S-th component of x by /" 



Sub-iteration, i=i+l 




Figure 1: Flow chart of chaotic strategy 



Vn e IN, S n = ( |_10Vj ) mod 5 + 1 



(5) 



C. Sequence m of returned states 

Let us recall that m™ is the number of iterations between 
the n th return of 5 pseudo-random bits and the following 
n + 1 th return. To define (m n ) ne ^, the chaotic sequence of 
equation [4] is used another time: 



Vn G JNT, m n = 



4 if y n < 0.5 

5 if y n > 0.5 



(6) 



D. Parameters of the generator 

The initial state of the system x° and the first term y° of 
the logistic map are seeded by the current time in seconds 
since the Epoch, or a number that the user inputs. 

Different ways are possible. For example, let us denote by t 
the decimal part of the cunent time. So x° can be t (mod 32) 
written in binary digits (2 5 = 32 and the system is constituted 
by 5 bits) and y° = t. 

E. Illustration example 

In this example, the current time in seconds since 
the Epoch is 1237632934.484076. So, t = 484076, 

= (1,0,1,0,0) and 



x" = t (mod 32) in binary digits, i.e. x 

n 

y 



"° - 0.484076. 



Then 

. y = 0.484076, 0.998985..., 0.004053..., 0.016146..., 
0.063543.., 0.238022..., 0.725470..., 0.796651... 

. m = 4, 5, 4, 4, 4, 4, 5, 5, 5, 5, 4, 5, 4,... 

. S = 2,4,2, 2, 5, 1, 1, 5, 5, 3, 2, 3, 3,... 

Chaotic iterations are made with initial state a; , vectorial 
logical negation and strategy S, as shown in Table [JJ and m 
gives the states x n to return: x 4 , x 4+5 , x 4+5+4 , .... 

In this situation, the output of the generator is: 
10100111101111110011... 



IV. Statistical tests and Experiments 

The security of the new scheme is evaluated via both 
theoretical analysis and experiments. 

A. NIST statistical test suite 

1) Presentation: Among the numerous standard tests for 
pseudo-randomness, a convincing way to show the random- 
ness of the produced sequences is to confront them to 
the NIST (National Institute of Standards and Technology) 
Statistical Test: an up-to-dat^l test suite by the Information 
Technology Laboratory (ITL). 

The NIST test suite, SP 800-22, is a statistical package 
consisting of 15 tests. They were developed to test the 
randomness of (arbitrarily long) binary sequences produced 
by either hardware or software based cryptographic random 
or pseudo-random number generators. These tests focus on a 
variety of different types of non-randomness that could occur 
in a sequence. 

2) Interpretation of empirical results: P is the tail proba- 
bility that the chosen test statistic will assume values that are 
equal to or worse than the observed test statistic value when 
cosidering the null hypothesis. For each statistical test, a set 
of Ps is produced from a set of sequences obtained by our 
generator (i.e., 100 sequences are generated and tested, hence 
100 Ps are produced). The interpretation of empirical results 
can be conducted in any number of ways. In this paper, the 
examination of the distribution of Ps to check for uniformity 
(P r ) is used. 

The distribution of Ps is examined to ensure uniformity. 

If Pt > 0.0001, then the sequences can be considered to 
be uniformly distributed. 

In our experiments, 100 sequences (s = 100), each with 
1,000,000-bit long, are generated and tested. If the Pt of any 
test is smaller than 0.0001, the sequences are considered to be 
not good enough and the generating algorithm is not suitable 
for usage. 

Table [TT] shows Pt of the sequences based on discrete 
chaotic iterations using different schemes. If there are at least 
two statistical values in a test, the test is marked with an 
asterisk and the average value is computed to characterize the 
statistical values. Different schemes are using different lengths 
N of the iterated system and different sets M. (range of m % 
which gives the states to return). 

We can conclude from Table [TT] that the worst situation is 
Scheme 1: it just can be observed that 3 out of 15 of the tests 
are failed. However, if we find a right combination of N and 
M. (Scheme 6) a noticeable improvement is observed, and all 
the tests are passed. 

B. Experiment results 

The PRNG adopted in this section is Scheme 6 of Table [TTJ 
The auto-correlation and cross-correlation of the symbolic 
sequence are also given in Figure [2] It can be seen that this 
sequence has <5-like auto-correlation which is required for a 
good PRNG. The sequences generated with different initial 
values will have zero cross-conelation due to the sensitive 
dependence on initial conditions. 

The FFT of the sequence (Figure [3]) is performed and the 
corresponding power spectrum is computed. A complete flat 

2 A new version of the Statistical Test Suite (Version 2.0) has been released 
in August 25, 2008. 



Table I: Application example 
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10100111101111110011... 



Table II: SP 800-22 test results (P T ) 



Scheme 


1 


2 


3 


4 


5 


6 


N (size of the system) 


8 


8 


8 


5 


5 


5 


M 


{1} 


{8} 


{1,..,8} 


{4,5} 


{9, 10} 


{14, 15} 


Frequency (Monobit) Test 





0.289667 





0.108791 


0.026948 


0.851383 


Frequency Test within a Block (M=20000) 











0.699313 


0.262249 


0.383827 


Runs Test 





0.955835 


0.816537 


0.739918 


0.419021 


0.319084 


Test for the Longest Run of Ones in a Block 











0.834308 


0.616305 


0.137282 


Binary Matrix Rank Test 








0.699313 


0.935716 


0.153763 


0.699313 


Discrete Fourier Transform (Spectral) Test 











0.162606 


0.798139 


0.129620 


Non-overlapping Template Matching Test* (m=9) 











0.482340 


0.410039 


0.484733 


Overlapping Template Matching Test (m=9) 











0.401199 


0.678686 


0.474986 


Maurers Universal Statistical Test (L=7,Q=1280) 





0.075719 


0.080519 


0.102526 


0.455937 


0.096578 


Linear Complexity Test (M=500) 


0.955835 


0.474986 


0.051942 


0.023545 


0.637119 


0.419021 


Serial Test* (m=10) 











0.308152 


0.369959 


0.534272 


Approximate Entropy Test (m=10) 

















0.991468 


Cumulative Sums (Cusum) Test* 





0.553415 





0.661814 


0.840655 


0.755309 


Random Excursions Test* 


0.015102 


0.45675 


0.194299 


0.293228 


0.335133 


0.654062 


Random Excursions Variant Test* 


0.045440 


0.49615 


0.145418 


0.330716 


0.574089 


0.553885 


Success 


3/15 


7/15 


6/15 


14/15 


14/15 


15/15 




-1.5 -1 -0.5 0.5 1 1.5 



-1.5 -1 -0.5 5 1 1.5 



(a) The auto-correlation (b) The cross-correlation 

Figure 2: The auto-correlation and cross-correlation of the pseudo-random sequence 



power spectrum, with almost equal frequency contribution for 
all frequencies, is indicative of a total random serie. 

C. On the periodicity of chaotic orbit 

Suppose the system is realized in fc-bit finite precision 
(under fixed-point arithmetic) and then digital chaotic itera- 
tions are constrained in a discrete space with 2 fc elements, 
it is obvious that every chaotic orbit will eventually be 
periodic (6), i.e., finally go to a cycle with limited length 



not greater than 2 k . 

The schematic view of a typical orbit of a digital chaotic 
system is shown in Figure |U Generally, each digital chaotic 
orbit includes two connected parts: a; , x 1 , . . . , x' -1 and 
+n , which are respectively called transient 
(branch) and cycle in this paper. Accordingly, I and n + 1 
are respectively called transient length and cycle period, and 
I + n + 1 is called orbit length. 

Definition 3 A sequence X = (x 1 , x n ) is said cyclic if 



spectre 




500 1000 1500 2000 2500 



Figure 3: The FFT of the pseudo-random sequence 




Figure 4: A pseudo orbit of a digital chaotic system 

a subset of successive terms is repeated from a given rank, 
until the end of X. 

This novel generator based on discrete chaotic iterations 
generated by two pseudo-random sequences (m and S) has a 
long cycle length. If the cycle period of m and S is n m and 
715, m an ideal situation, the cycle period of the new sequence 
is n m ■ ns ■ 2 (because x = x). 

Example 1 m (n m = 2): 12121212121212121212121212... 

S (n s = 4): 1 23 4 12 3 41 2 34 1 23 4 12 3 41 2 34 1 
23 4... 

X(n x = 2-4-2 = 16): 0000(0) 1000(8) 1110(14) 
1111(15) 0011(3) 0001(1) 1000(8) 1100(12) 1111(15) 
0111(7) 0001(1) 0000(0) 1100(12) 1110(14) 0111(7) 0011(3) 

0000(0) 1000(8) 1110(14) 1111(15) 0011(3) 0001(1) 1000(8) 
1100(12) 1111(15) 0111(7) 0001(1) 0000(0) 1100(12) 
1110(14) 0111(7) 0011(3)... 

V. An application example of the proposed PRNG 

Cryptographically secure PRNGs are fundamental tools to 
communicate securely through the Internet. 

For example, in order to guarantee security of image 
transmission, the previous pseudo-random sequence can be 
used to encrypt the digital image (one-time pad encryption). 
The original image and the encrypted image are shown in 
Figures [3a) and HJa). Figures |5Jb) and |6jb) depict the 
histograms. It can be seen that the distribution of the encrypted 
image is very close to the uniform distribution, which can 
well protect the information of the image to withstand the 
statistical attack. 

TLS protocol is another example in which cryptograph- 
ically secure PRNGs are needed, during the generation of 
private key for symmetric cypher. This generation requires a 
high quality of the randomness for the PRNG. 

The generator presented in this paper has passed the whole 
NIST800-22 statistical test suite, so it can reasonably be 
considered as a possibly usable PRNG. We believe that this 




(a) The original image (b) The histogram of original image 



Figure 5: Distribution of original image 
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(a) The encrypted image (b) The histogram of encrypted image 

Figure 6: Distribution of encrypted image 

generator can also be used for cryptographic applications, 
because of its topological chaos quality. Indeed, it is proved in 
[2 1 that Devaney's chaos property is satisfied by the discrete 
chaotic iterations: they are regular, transitive and sensitive to 
initial conditions. 

Because of transitivity, the discrete dynamical system can- 
not be decomposed: the behavior of the system cannot be 
reduced to the study of one of its parts. As a consequence, 
the knowledge of a part of the private key (or the encrypted 
image) cannot help an hypothetical attacker to guess the whole 
key (image). Moreover, the sensitiveness conducts to the fact 
that, even if the attacker tries anyway to decrypt the cypher 
message by attempting to complete the part in his possession, 
he cannot succeed. 

Last the regularity participates to an increase of the random- 
ness of our generator and conducts to the impossibility of the 
prediction of its future evolution. Two very similar sequences 
can have completely different behaviors after some iterations, 
the first can quickly enter into a cycle whereas the second can 
follow a more divergent trajectory. Thus, two different seeds 
generate completely different keys. 

VI. Conclusions and future work 

In this paper, a novel pseudo-random generator based on 
discrete chaotic iterations is proposed. Different schemes 
are used to generate this chaotic sequence. A particular 
scheme (Scheme 6) offers a sufficiently secure randomness 
for cryptographic applications. The proposed PRNG is based 
on a rigorous framework. In addition, a detailed statistical 
analysis concerning the numbers produced by this method is 
given. These experimental results lead us to conclude that our 



generator is a very good and reliable PRNG and that chaotic 
iterations can be used in computer science security field|2]]. 

In future work, different random sequences will be used 
in place of logistic map, the influence of N and the range 
M. of m? for the output sequence will be explored and 
other iteration functions will be studied. New applications 
in computer science field will be proposed, specially in the 
security and cryptography domains. 
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APPENDIX 

In this appendix we give outline proofs of the properties 
on which our pseudo-random number generator is based. 

Denote by 5 the discrete boolean metric, 
S(x,y) = x = y. Given a function /, define the 
function Fj : [1; NJ x B N — > B N such that 

F f (k,E) = (Ej.SikJ) + f(E) k .S(kJ)) , 



Consider the phase space: X = [1; NJ W x B N and the map 

G f (S,E) = (a(S),F f (i(S),E)), 

then the chaotic iterations defined in (III-Ab can be described 
by the following iterations 

( x° ex 

{ x k+1 = G f (x k ). 

Let us define a new distance between two points 

(S,E),(S,E) e X by 

d((S,E);(S,E)) = d e (E,E) + d 8 (S,S), 

where 

N 

. d e (E,E) = Y,5(E k ,E k )€lO;N} 

k=l 

fe=i 

It is then proved in (2) by using the sequential continuity 
that 

Proposition 1 Gf is a continuous function on {X,d). 

Then, the vectorial negation fo(xi, . . . , x^) = (x±, . . . , 
satisfies the three conditions for Devaney's chaos, namely, 
regularity and transitivity and sensitivity in the metric space 
(X, d). This leads to the following result. 

Proposition 2 G/ is a chaotic map on (X,d) in the sense 
of Devaney. 



where + and . are the boolean addition and product operations. 
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